Patent · US Active

Electronic device and method for detecting malicious file

US10579798B2 · kind B2 · utility

0Cited by

6References

17Claims

0Family size

Assignee

Acer Cyber Security Incorporated · TW

Inventors

Ming-Kung Sun · Taipei, TW
Chiung-Ying Huang · Taipei, TW
Tung-Lin Tsai · New Taipei, TW
Gu-Hsin Lai · New Taipei, TW
Chia-Mei Chen · New Taipei, TW
Tzu-Ching Chang · New Taipei, TW

Key dates

Filing date	Aug 15, 2017
Grant date	Mar 3, 2020
Priority date	—
Expiry date	May 5, 2038

Classification

Technology area (CPC G)Physics
CPC primaryG06F21/56
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

An electronic device and a method for detecting a malicious file are provided. The method includes the following steps: An executable file is searched, and an import table is extracted from the executable file. The import table includes at least a name of a first DDL and a name of a second DDL. A distance between the first DLL and the second DLL is calculated. Whether the distance exceeds a threshold is determined. If the distance exceeds the threshold, then whether a duplicate content of the import table exists in the executable file is checked. The executable file is regarded as a malicious file if the duplicate content of the import table exists in the executable file.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.